[ntp:security] NTP security release VU#961909

Art Manion amanion at cert.org
Thu Feb 22 00:17:21 UTC 2018


On 2/21/18 7:10 PM, Harlan Stenn wrote:

> So I should list/track all of the security issues listed for p11 under
> VU#961909 ?

Yes, VU#961909 tracks all the CVE IDs which I suspect map to all of the security issues under p11.  Yes, a bit of a mess.

> We have CVE numbers for all of them.
> 
> I didn't include them in the release as information about the bugs and
> their fixes are generally embargoed.
> 
> Mitre already has the descriptions from when I opened the CVE requests,
> and they said they'd fill out the details when we went public.
> 
> I'm happy to send CERT the details now, if you prefer.

As long as they're issued and MITRE has descriptions, we're good.  I would suggest referencing the CVE IDs in whatever information you make public, such as an advisory and/or bug tracker tickets.  That's a great help to everyone tracking vulnerabilities.

Regards,

  - Art



More information about the security mailing list